Monday, May 28, 2007

Bradford school covering up on seeking parental consent

Over on Tarique's blog it seems that his child's school has stretched the truth on the issue of obtaining parental consent before fingerprinting children, after they were put under pressure by Kirklees Council in Huddersfield. In his words the school has "blatantly lied to them" (the council).

Tarique has written to the council about the school's fabrication that they claim to have sought parental consent to take children's biometrics. Schools misleading local councils/LEA's, I would have thought, is a very serious matter. Lets see how Kirklees Council deals with this.

Biometric lunch goes 'live' in Shropshire

The Shropshire Star reports that Lakelands School, in Ellesmere, Shropshire has bought a biometric cashless lunch system, the system goes 'live' on June 6th after the half term holiday.

The school bursar explains that : “The pupils will be using the device which reads their fingerprint and brings up their account which will come up on the till with a picture.”

Do pupils really need to give up a digital photograph and and fingerprint to enable them to eat lunch...?

Wednesday, May 23, 2007

Irish schools eager to fingerprint children

According to this article 50 schools in Ireland have expressed an interest in installing biometrics in the past month. Costs are between 10-20,000 euros dependent on the size on the school.

John Beckett, managing director of Byamsys, the company selling the fingerprint systems, states:

“There’s no way to reproduce the data we store as a fingerprint. We don’t store the data as a fingerprint. When students check in their fingerprint is scanned and converted into a string of letters and numbers which is encrypted and then compared to the encrypted file that we have already for that person. There’s never a decryption process."

How can he state there is never a decryption process? Has he got the ability to scry into the future? See Kim Cameron's site "Just lie to sell your product" ...

Digital Rights Ireland have rightly expressed their concerns over the increase of the use of biometric technology in schools, their Chairman TJ McIntyre states:

“There is a standard that’s used across the industry for biometrics to ensure different systems are compatible... but what they [biometric vendors] don’t explain is that the information used there is capable of being reconstructed to give you soft fingerprint information and it’s still possible to be used in police work."

Bernie Goldbach of Digital Rights Ireland, “With a card you’re not exactly sure it’s the same person but most kids don’t give up cards that have money on them and they don’t lose them. They learn a bit of responsibility without losing a part of their identity."

Responsibility and ownership of ones identity is a crucial lesson for children to learn as they grow up in a digital age.

However the messages they receive from using biometrics without question in schools is a potentially dangerous lesson that we, in our ignorance, are teaching them.

The Data Protection Commissioner in Ireland has issued guidelines about the use of biometric fingerprinting in schools. The main stipulation was that parents and children over 18 had to give their consent to use the system and that schools also carry out a detailed 38 point Privacy Impact Assessment before installing biometric fingerprint systems to limit any legal claims for damages in the future from students.

The guidelines are not statutory and are simply advice.

Friday, May 18, 2007

Local councils take matters into their own hands

Concerns over fingerprinting children in schools for library, canteen and food purposes have prompted Gloucestershire County Council to start forming a policy around the use of biometrics in the county. Andrew Clymer has been discussing the issue of biometric databases in schools with the council:

"Investing time and effort in understanding the implications of biometrics does not need to be done by every school, it needs to be done centrally were money can be spent employing the experts from both sides of the argument to present a balanced and informed view, that will further enable the decision makers to make an efficient and informed decision. This information needs to be made available in a prominent place, and not buried on some government web site." of yet, no advice is on any government site - so I will join Andy in congratulating councils who move ahead in this direction in the absence of any advice given by government, DfES, the ICO and BECTA.

At Hull City Council, council leaders are also currently looking at issuing fact based, non bias advice to schools considering, or using, biometric technology.

Advice given to schools in Ireland by their Data Commissioner is detailed and comprehensive, recommending that schools carry out a Privacy Impact Assessment with 38 points to consider before purchase of biometric systems.

Although not statutory it does recommend schools do a Privacy Impact Assessment to minimise the risk of future legal actions for damages by students.

Tuesday, May 15, 2007

A bit of fun!

On a lighter note why not test out your knowledge on biometrics in schools - the Leave Them Kids Alone site has a great quiz for both novices and experts alike!

I particularly like the recommendation if you score 0-2 points at the bottom of the answers page.

Monday, May 14, 2007

Retina scanning for class registration?

Possible scanning of children's retinas could take place for school registration at Big Wood School in Nottingham. The school has yet to decide on eye scanning or fingerprinting...

"The idea is being considered for the school's new £18m building, part of the Government's Building Schools for the Future programme." (Just as I blogged about here)

Graham Chapman, Nottingham City Council portfolio holder for education, said retina scans would be good providing they improve efficiency - and if information is not passed on to third parties."The thing to worry about is confidentiality," he added. "That's essential."

Worry indeed. With no record being kept of where these children's biometric databases are, who has access to them, how data is deleted and no reporting systems set up for compromised/stolen data confidentiality absolutely cannot be assured by anyone.

It is thought the retina scanning at Big Wood would be the first in the county - Paul Easton, spokesman for UK Biometrics, which produces fingerprinting systems, described the technology involved as 'really high-end stuff' mainly used by the Government and military'.

Actually it is not the first school to try retinal scanners. The Venerable Bede Church of England School in Ryhope binned their retinal scanner when instead of the promised 12 pupils per minute, the system managed to process a mere five.

These are children's attitudes to the fingerprint library system in a neighbouring school:

"It has a futuristic thing to it. It's cool. We don't have to bring in library cards."

"No one can steal your print but people can steal your ID card,"

"It's exciting. I like taking books out - but I'm not even that bothered about reading ."

Just what message is the next generation getting from this technology when we we naively impose it on them.

Data Protection Acts

Hong Kong scrapped fingerprinting children in schools last year as the Justice of the Peace at the Hong Kong Office of the Privacy Commissioner, Roderick Woo said it conflicted with their Data Protection Act he decided: "It was a contravention of our law, which is very similar to your law, which is that the function of the school is not to collect data in this manner, that it was excessive and that there was a less privacy-intrusive method to use."

SCHEDULE 1 [s. 2(1) & (6)]
"the data are adequate but not excessive in relation to that purpose."

"Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed."

However we in the UK are still rolling out biometric systems in schools for fingerprinting and now iris scanning and our data protection act virtually reads the same in regard to excessive and adequate data held.

Do children really need to give up their biometrics for a library book or food? I'm with Roderick Woo on this one.

Friday, May 11, 2007

More from Kim Cameron

Kim Cameron has been blogging some more on this issue about the minutes of a school board meeting in Florida... here.

Apart from the old sales spiel "the biometric images cannot be used by law enforcement for identification purposes. Only a mathematical algorithm remains in the system after registration, not finger images." a new slant on the technology is explained in the sales pitch given to the schools board:

"The [lunch] cards become unsanitary, because the children put them in their mouths. To solve these problems, schools are using biometric scanners in the cafeteria. The student places their index finger on a scanner" and 100's children's fingers touching a scanner, then touching their food is more hygienic because...?

I don't think I want any other children's "biometrics" on my kids fingers just before they eat.

Apart from the hygiene issues, absolutely educational establishments should be given the bare facts not a sales pitch, but at the moment it seems a free for all for the vendors of school biometric systems with the industry taking our hard earned taxes in profits. Just think where better spent this money could be used to enhance our children's education.

Kim Cameron has this to say:

"It drives me nuts that people can just open their mouths and say anything they want about biometrics... without any regard for the facts. There should really be fines for this type of thing - rather like we have for people who pretend they're a brain surgeon and then cut peoples' heads open."

and on telling the truth "There should be accountability and penalties for those who consciously mislead people like the Marlin County school board, convincing them there is no risk to privacy by preying on their inability to understand technical issues."

Tuesday, May 08, 2007

"Issues and Standardization"

There is another well written article, "Issues and Standardization" by Patricia Duebel in The Journal where she tackles the issues surrounding consent, privacy and industry standardization, making separate, isolated biometric databases compatible with each other.

This is part 2 of three articles. The last article will "look at vendor claims and a sound business plan of action that leads to a security solution you really need."

There are many issues involving this technology with children and as with any tool, biometrics used in the right circumstances can be used to good effect. However schools, currently both in the UK and US, really don't have much 'informed' information to go off than biometric vendor claims. In this respect Patricia's articles are a valuable read for both parents, students and school districts considering this technology, covering a wide range of aspects on this issue, backed up with independent references.

"After getting an understanding of the technology, its potential and the issues surrounding its use, will you allow your district to be swayed by vendor claims? The important question is: "Do you require a reliable biometric solution, or is it just something that would be nice to have?" Don't put the cart before the horse. You're not ready yet to decide. You need a business plan of action, but that's for next time." (page 4, last paragraph).

Friday, May 04, 2007

Where is the guidance?

Well maybe I'm being tough, it's only 1 day late.

For any of you that want to search BECTA's website for the guidance that has been long promised by the Government due out end March 2007, then put back to May 4th until after the local elections (because biometric technology and it's little known, unregulated, haphazard use with children in schools mostly without parents knowledge, is presumably a big enough "bat" for opposition to use to affect voters decisions?), just type the below in to Google:

site: biometric - here's Google's result for this,


site: fingerprint - and this search result here.

Lots of 'products' listed but no guidance for teachers on this yet... if anyone finds any please let me know!

Tuesday, May 01, 2007

Privacy Impact Assessments...

The Information Commissioner, Richard Thomas, was interviewed this morning on BBC Radio 4's 'Today' programme. In his interview at 7.30am he talked about needing a debate on the level of surveillance in today's society and talked about needing a public debate on the subject about where the line should be drawn with regards to surveillance.

He then went on to talk about the need for companies to do privacy impact assessments before installing databases, to asses identity risks, showing how organisations minimise the impact on privacy, assessing the chances that things could go wrong and to minimise excessive surveillance.

In light on the guidelines for biometrics in schools which the Information Commissioners Office has advised on, due to be issued after May 3rd, his comments are encouraging regarding his feelings that both government departments and private companies should carry out a privacy impact assessment before installing new databases.

The Irish Data Commissioner has advised schools to carry out a privacy impact assessment before installing and using biometric technology with children... "This is an important procedure to adopt as a contravention may result in action being taking against a school or college by the Commissioner, or may expose a school or college to a claim for damages from a student." Point 8 on the guidance.

If Richard Thomas is keen for privacy impact assessments to be undertaken in the adult community then one would presume that this courtesy will absolutely be extended to our children's biometric databases quickly emerging in schools, especially as the Irish Commissioner has set a precedent in this area listing at least 36 points to consider on this.

(You can 'listen again' to the BBC interview which lasts about 5 minutes or find it in the archive for this week)